...
Navigate to the menu entry SSO, click on Level of Authentication level, then select the Authentication Level you want to add the Integrated Windows Authentication.
In the tab Authentication level Entry Level of authentication entry add a new entry for Integrated Windows Authentication
One Once the new entry is created click on it to open the corresponding configuration.
...
| Info |
|---|
If you can’t choose “Windows Auhtentication“Authentication“, you have to activate “Windows Authentication“ in the database: SELECT * FROM moving_appcustomer_900000.servicecorelogin_logon_method where ID = 10; |
...
Edit the target system in and add/edit the attribute Authentication Domain Name, it should contain the corresponding Domain Name of the target System. (To find out the Authentication Domain Name, you can open CMD on the domain controller and enter "whoami." The value before the backslash is the Authentication Domain Name.)
Open the tab System Feature and activate the function Authentication Provider active.
...
Make sure the CoreOne Suite Account and the provisioning configuration where you want to use Integrated Windows Authentication have different Usernames.
For the Active Directory this means the Sam-Account-Name has to be different than the Username username of the CoreOne Suite Account.
...
Enable Windows Authentication in IIS for the site where the CoreOne Authentication Service according to this link: https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/authentication/windowsauthentication/
Step 6 (Optional) - Internet Explorer Settings
Usually this step is in the responsibility of the customer and should be done by him (usually through a group policy) and is only necessary for our internal systems:
Enable IWA for IE and Edge:
https://help.hcltechsw.com/domino/11.0.1/admin/secu_preparing_ie_for_adfs.html